A telecommunications law associate professor in Australia has called for new laws banning the use of face recognition technology to visual images online in an effort to identify people without prior consent, according to a report by Phys.org.

In a paper published in the International Journal of Law and Information Technology, Associate Professor Niloufer Selvadurai states that there has been a lack of laws regarding face recognition technologies, and in particular, no laws which specifically address the issue of unauthorized application of face recognition technologies to online images.

With the increasing popularity of uploading photographs on social networking sites, the paper calls for law and policy makers around the world to see this as a critical issue.

“There is a need to protect individual identity and autonomy through enactment of appropriate laws to countervail the potential threats to privacy posed by the application of facial recognition technologies,” writes Selvadurai.

The article uses Australian law as an example case study, along with analyzing laws and social practices in other countries.

Selvadurai discusses how facial recognition technology could be easily accessible to the general public, while the current approach to the technology is not suitable to the modern digital environment.

When establishing new laws to protect privacy rights from face recognition technology, lawmakers should consider a ‘two-way mirror model of the internet’ in which public and private users are both watching and being watched, said Selvadurai.

“The law should be responsible for creating private spaces within the otherwise public space of the internet,” writes Selvadurai, adding that “it is recommended that a new part be added to the Criminal Code that prohibits the application of face recognition technologies to visual images on the internet so as to obtain information on identity.”

Additionally, Selvadurai emphasizes that there ought to be exceptions to national security and law enforcement.

Selvadurai makes a few recommendations for laws that would promote the protection of online identity, increasing one’s anonymity by ensuring that the individual is “just a face in the crowd”.

Let’s assume I start data mining the faces of the entire facebook population of, say 2 billion people (2E9). And I am using a state of the art, fantastically accurate, face recognition algorithm, with a false match rate of only 0.1% (1E-3) at a false non match rate of 1:10000. Do the math: for each random face in the crowd that I’m trying to identify, even when it is present in my facebook database, I will receive my true match somewhere in a list of 2E9 * 1E-3 = 2E6 = 6 million false matches.

So to actually identify the face in the crowd I will need to combine this set with other data, like cell phone numbers, smartphone location data. But if I can do that I don’t need mass facial recognition at all.

Conclusion: faces in the crowd will remain just that.

The odds are much better when the population is restricted, like with the known customer base of a shop, club, bar, institution, etc. But then it isn’t mass recognition any more. And it becomes a question of getting the consent of this group for the purpose of the recognition.